Microsoft has today released their IoT SaaS offering for customers and partners called as “Microsoft IoT Central”. IoT Central enables powerful IoT scenarios without requiring cloud solution expertise and also simplifies the development process and makes customers to make quick time to market solutions, making digital transformation more accessible to everyone without overhead of implement solutions end to end.

As per Microsoft :

“IoT Central provides an easier way to create connected products that propel digital business. Take the complexity out of the Internet of Things (IoT) with a true, end-to-end IoT software as a service (SaaS) solution in the cloud that helps you build, use, and maintain smart products.”

Benefits of IoT Central:

Proven platform and technology with enterprise grade security.

Reduced complexities of setting up and maintaining IoT infrastructure and solutions.

Security(Cyber Security) is an essential requirement for any IoT platform or devices or end users and the communication infrastructure. In order to achieve or design best possible security solutions, to avoid some external entity or hacker gaining access to your IoT device or infrastructure, every architect or system designer should do Threat Modeling exercise. As the system is designed and architected, we can minimize the exposure to external threats to our IoT architecture.

With this article I am trying to provide you relevant bits and pieces essential for your understanding:

What is Cyber Security?

As per WhatIs.com – “Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.”

To make it more clear and simpler – Cyber Security also known as Computer security, or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection.

What is Threat Modeling?

The objective of threat modeling is to understand how an attacker might be able to compromise a system and then make sure appropriate mitigations are in place. Threat modeling forces the design team to consider mitigations as the system is designed rather than after a system is deployed. This fact is critically important, because retrofitting security defenses to a myriad of devices in the field is infeasible, error prone and will leave customers at risk.

[Content courtesy: Microsoft]

In order to optimize security best practices, it is recommended that a proposed IoT architecture be divided into several component/zones as part of the threat modeling exercise.

Relevant Important Zones for an IoT architecture :

Device,

Field Gateway,

Cloud gateways, and

Services.

Each zone is separated by a Trust Boundary, which is noted as the dotted red line in the diagram below. It represents a transition of data/information from one source to another. During this transition, the data/information could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE).

[Content courtesy: Microsoft]

This diagram like below provides a full 360 view you any proposed solution:

Summary of important Sections/Zones:

The Device Zone – represents a thing or device where device to device or local user physical access is possible.

The Field Gateway Zone – Field gateway is a device/appliance (Embedded/Hardware) or some general-purpose software that runs on a Physical Server, and acts as communication enabler and potentially, as a device control system and device data processing hub.

The Cloud Gateway Zone – Cloud gateway is a system that enables remote communication from and to devices or field gateways from several different sites across public network space, typically towards a cloud-based control and data analysis system, a federation of such systems.

The Services Zone –A “service” is any software component or module that is interfacing with devices through a field- or cloud gateway for data collection and analysis, as well as for command and control. Services are mediators.

Once we identified threat boundaries we should be able to provide fail safe security measures each associated zones, to meet the business needs and global information exchange and data compliance standards. It is also important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.

In next session, we will go through Microsoft’s IoT Reference architecture and associated security measures been put together across each zones.

Provides a rich set of features through Device Management capability. Includes individually enable/disable or provision new device. Change security keys as needed. View/identify individual device problems easily.

Does not provide individual performance metrics. Can provide only a high level aggregated metrics only.

Scalability

Scalable to thousands/millions of simultaneous devices

Limited number of simultaneous connections up to 5000 connections per Azure Service Bus Quotas. Event Hub provides a capability to partition your message to channel it in to associated Service Bus quotas.

SDK Support/ Developer Support

Provides very good Integration SDK and developer support. Both Azure IoT Device SDK and IoT Gateway SDK are the most essential kits provided for almost all devices/OS platforms. It also support all the latest programming languages such as C#, Node.js, Java and Python. Also provides direct MQTT, AMQP and REST based HTTP APIs. Very detail oriented documentation provided.

.NET, Java and C apart from protocols such as AMQP, HTTP API interfaces.

Files/Images Upload Capability

Supports IoT devices/solutions to upload files/images/snapshots to cloud and define a workflow for processing them.

Not Available

Message Routing

Very decent message routing capability is available out of the box. Up to 10 end points can be defined and Advanced Rules can be defined on how routing should occur.

Requires additional programming and hosting to support as per the need.

From this comparison table, you can analyse that IoTHub is the right candidate for your IoT solution needs, as Event Hub lacking certain capabilities that are essential for an IoT Ingestion point. If you are only requiring to send messages to cloud and doesn’t require any fancy stuff as IoTHub provides, you can choose Event Hub.

Remember with more power comes more responsibility, that’s what IotHub intend to provide to you.

Hope this overview was helpful. Please feel free to comment or initiate a discussion any time. Please share your feedbacks on this article as well.

IoT Hub is a fully managed service from Microsoft Azure as part of Azure IoT Suite that enables reliable and secure bi-directional communications between millions of IoT devices and your solution back end.

Provides device libraries for the most popular languages and platforms.

Why IoTHub?

IoT Hub and the device libraries help you to meet the challenges of how to reliably and securely connect devices to the solution back end.

Real-world IoT devices mostly have the following constaints:

Embedded systems.with minimal or no user interaction.

Remotely available, with less physical access. .

Reachable through the solution back end.

Limited power and processing capabilities

Intermittent, slow, or expensive network connectivity.

Use proprietary, custom, or industry-specific application protocols.

Created using a large set of popular hardware and software platforms.

IoT Hub provide solutions to meet all the above constraints of a connected device. In addition it also provides scale, scalability and reliability. It also addresses most of the connectivity challenges through following capabilities.

Device Twin: With Device twins, you can store, synchronize, and query device metadata and state information, and these are stored in JSON format. IoT Hub persists a device twin for each device that you connect to IoT Hub. This feature was introduced in Novemeber’16 with General availability of Iot Hub.

Per-device authentication and secure connectivity. You can provision each device with its own security key to enable it to connect to IoT Hub.There by enabling you to manage or block devices as desired.

Route device-to-cloud messages to Azure services based on declarative rules. IoT Hub enables you to define message routes based on routing rules to control where your hub sends device-to-cloud messages.

Device libraries for most of the platforms with support for Programming languages like C#, Java, Python and JavaScript.

Support for latest and widely used IoT protocols and provides extensibility: Protocols such as AMQP 1.1 or HTTP 1.1 and MQTT 3.1 are supported. We could also provide additional protocol translation using Azure IoT Gateway SDK at Device/Field/Protocol Gateway layer.

Azure IoT Hub can bring more value to organizations to bring in their field devices to cloud with real-time data capture and bi-directional communication. It solves the problem of lack of proper communication infrastructure for devices to communicate or operate on real-time basis. Pay per use, less investment infrastructure that would let you scale as you grow.

Do you feel some similarities between IoT Hub and Event Hubs service already exists as part of Azure Platform? In my later articles I would be covering some of the major differences.

Today Microsoft has announced general availability of Azure IoT Hub Device Management. With this release Azure IoT Hub subscribers/customers will be able to get access to following features and functionalities:

Device twin. Use a digital representation of your physical devices to synchronize device conditions and operator configuration between the cloud and device.

Direct methods. Apply a direct, performant action on a connected device through the cloud.

“In learning you will teach, and in teaching you will learn.” -Phil Collins

About

Nithin Mohan – A passionate hardcore application programmer, software architect, and technology evangelist with over 13 years of experience in Web, Mobile, and Cloud applications design and development.
A hardware geek, a kick-starter, and a quick learner.

Disclaimer:
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way. This blog is to share knowledge, tips & tricks on software development using Emerging Technologies. Thanks to the readers and sincere thanks to all author's of crossposted blogs. Blog is powered by theme gitsta, customized for this blog. Enjoy reading the blog and subscribe to the RSS feed.